Commit Graph

3730 Commits

Author SHA1 Message Date
Fabien O'Carroll
0c602976c0 Passed members_email_auth_secret to members-api
no-issue
2019-10-11 13:47:48 +07:00
Fabien O'Carroll
cbb13904b8 Added members_email_auth_secret setting
no-issue

This will be used for signing HS256 JWTs it's a 64 byte (256 bit) hex
string
2019-10-11 13:47:48 +07:00
Fabien O'Carroll
ef5e6f7e5b Removed text-transform: capitalize from buttons
no-issue

Button text should be sentence case not title case
2019-10-11 11:45:11 +07:00
Fabien O'Carroll
527632f287 Updated members email templates
no-issue

These changes fix come colors and styles
2019-10-11 11:45:11 +07:00
Fabien O'Carroll
3062ec7690 Wired up members plaintext emails
no-issue
2019-10-11 11:45:11 +07:00
Fabien O'Carroll
257bebbb39 Wired up the members emails templates
no-issue
2019-10-11 11:45:11 +07:00
Fabien O'Carroll
f4d202d7c5 Added member email templates
no-issue
2019-10-11 11:45:11 +07:00
Fabien O'Carroll
98f27c1c33 Added getSubject function for members emails
no-issue
2019-10-11 11:45:11 +07:00
Fabien O'Carroll
6f160518d1 Ensured that members emails include our text version
no-issue
2019-10-11 11:45:11 +07:00
Fabien O'Carroll
b030081a4b Updated GhostMailer to allow forcing text content
no-issue

This is so that we can pass our own customised text content
2019-10-11 11:45:11 +07:00
Naz Gargol
1b04b48ffd Added from parameter for member emails (#11222)
* Added from parameter for member emails

no issue

- Passed in the `from` parameter when initializing members mailer to be able to customize outgoing address
- Extends GhsotMailer to accept a from parameter from the outside
2019-10-11 11:21:53 +07:00
Kevin Ansfield
6b3c4a59b4 🐛 Fixed rendering and url transformation of v1 "card-markdown" aliased cards
no issue

- Ghost 1.x stored markdown cards with the name `card-markdown`, this was changed in Ghost 2.x to be `markdown`. To keep compatibility with the older mobiledoc content the `markdown` card was aliased using a straightforward `Object.assign()`. Unfortunately this failed to work adequately when the url transformation functions were added to cards and resulted in corrupted data being returned in API responses
- moved the markdown card definition into a factory function so that a clean card definition object can be used for both the `markdown` and `card-markdown` cards
2019-10-10 16:35:29 +01:00
Rish
4f0ca2914f Updated members schema validation for name
no issue

- Removed minimum length requirement for `name` as its possible to have empty name for a member
2019-10-10 17:26:56 +05:30
Fabien O'Carroll
6b4e6fb400 Removed unused stripe_customers relationship
no-issue
2019-10-10 17:51:46 +07:00
Fabien O'Carroll
99681e692a Updated the create,get&update member functions
no-issue

This updates them to async functions, and defaults falsy name and note to null
2019-10-10 17:51:46 +07:00
Fabien O'Carroll
38832d5c6b Added note to member json schema
no-issue
2019-10-10 17:51:46 +07:00
Fabien O'Carroll
f3a8119870 Added note column to csv import/export for members
no-issue
2019-10-10 17:51:46 +07:00
Fabien O'Carroll
fe59613867 Wired up the note property to members-api
no-issue
2019-10-10 17:51:46 +07:00
Fabien O'Carroll
035cb55ca9 Added migration for note column on members table
no-issue
2019-10-10 17:51:46 +07:00
Fabien O'Carroll
0a40d11af9 Added note column to members table
no-issue
2019-10-10 17:51:46 +07:00
Fabien O'Carroll
58651caa32 Removed members endpoint from admin v2 api
no-issue
2019-10-10 17:51:46 +07:00
Fabien O'Carroll
dd214d71dc Decoupled add from importCSV queries
no-issue
2019-10-10 17:51:46 +07:00
Kevin Ansfield
7fc10106dc Merge branch 'master' into v3 2019-10-10 10:37:42 +01:00
Nazar Gargol
977fb5f650 Added reading_time property to post/page resources in Content API 2019-10-10 15:42:04 +07:00
Nazar Gargol
4a10ddc8fa Fixed unsafeAttributes fetching in Admin API v2
no issue

- This check was misside and only was implemented for canary.
2019-10-09 21:16:27 +02:00
Kevin Ansfield
587bd8accb Merge branch 'master' into v3 2019-10-09 15:04:09 +01:00
Kevin Ansfield
dc9a22d4de
Updated post model url transforms for posts/posts_meta split (#11223)
no issue

- `og_image` and `twitter_image` fields are now located in a separate model so the transform functionality for those fields needed to move accordingly
2019-10-09 13:38:08 +01:00
Rish
e7d7d9fdcc Added new fromAddress setting for member subscriptions
no issue

- Adds new `fromAddress` setting for member subscriptions to allow custom from mail address
2019-10-09 15:28:40 +05:30
Naz Gargol
0225936292
Removed subscribers from the codebase (#11153)
refs https://github.com/TryGhost/Ghost/pull/11152

- Added subscribers table drop migration
- Removed subscribers from schema
- Removed subscribers controllers/routes/regression tests
- Removed subscriber related API code
- Removed subscribers from internal apps
- Removed subscriber importer
- Removed subscriber model
- Removed subscriber related permissions
- Removed webhook code related to subscribers
- When upgrading to v3 it is on the site admin to migrate all zapps or any other webhook clients to use members
- Removed subscriber-specific translation
- Removed subscriber lab flag
2019-10-09 11:47:04 +02:00
Fabien O'Carroll
b77026870b Moved migrations from 3.0 to 2.34
no-issue
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
cbb6337ae4 Prefixed stripe_customers_subscriptions with members
no-issue
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
29b3dad302 Updated get/set metadata fn signatures
no-issue

This is to reflect an upstream change in members-api
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
4c07d86086 Updated getMemberMetadata to use findAll method
no-issue

This means we go via our version of the bookshelf model
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
ee0449245a Updated setMemberMetadata to use upsert method
no-issue

Much cleaner now :)
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
3366bd1254 Added upsert method to stripe models
no-issue

This is kind of copied from the session model, but simplified
This will allow much easier integration with members-api
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
998642eb24 Allowed filter option for findAll method
no-issue

This will allow us to constrain findAll queries, rather than using knex
`where` & `fetchAll` methods
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
a6354d1acb Updated members api to store/retrieve subscriptions
no-issue
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
37bb12afb3 Added model for stripe_customers_subscriptions
no-issue
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
0c32dfaa30 Added migrations for stripe tables
no-issue
2019-10-09 16:24:51 +07:00
Fabien O'Carroll
a4ff87a774 Added stripe subscriptions & updated customers table
no-issue
2019-10-09 16:24:51 +07:00
Naz Gargol
786eaac57e
Added permission restrictions to editing members flag (#11217)
no issue

- Added test cases to check edit permission on settings endpoints
- Added test to demonstrate owner-only being able to toggle members flag
- Permission check when editing settings `lab.members`
- Passed additional function to permissions to allow custom selection of unsafe attributes due to settings object structure.
- Fully implementing this check on controller level would be wrong architecturally and not that straight forward because we lack role data in "frame"
- Cleaned up test after moving default_content_visibility to it's own property
2019-10-09 10:26:54 +02:00
Fabien O'Carroll
1e731dcdd3 Removed token param on page load for members
no-issue

This adds a bit of protection from accidentally sharing the url, and
also makes the url look cleaner
2019-10-09 13:36:06 +07:00
Fabien O'Carroll
dd419be2fb Added guard for missing stripe tokens
no-issue

This ensures that even if a stripe config object is present, we still
ensure that stripe is configured without keys
2019-10-09 12:00:53 +07:00
Rishabh Garg
7dc2eb2a1e
Added new requirePaymentForSignup setting for members (#11214)
* Added new `requirePaymentForSignup` setting for members

no issue

- Adds new `requirePaymentForSignup` setting flag for members, `false` by default.

- Wired members API `allowSelfSignup` to `requirePayment` setting
2019-10-08 22:00:46 +05:30
Naz Gargol
daa77c5c00
Permission restrictions for post.visibility modifications (#11213)
no issue

- Limited posts visibility field permissions to Editor-Up + Admin Integrations
- We don't want contributors or other roles lower than Editor to be able to modify content gating attribute
2019-10-08 15:44:27 +02:00
Kevin Ansfield
6028fde666 Merge branch 'master' into v3 2019-10-08 13:58:08 +01:00
Rishabh Garg
d9a0c8732c Fixed error when saving unknown url in bookmark card (#11210)
no issue

- `payload.metadata` may not exist in a bookmark card because it's possible to save a mobiledoc document when the card is in it's "unable to parse url" state in the editor
- check for `payload.metadata` object before performing any url transformations to avoid invalid property access
2019-10-08 11:11:32 +01:00
Fabien O'Carroll
f1ef801b78 🐛 Fixed error when during migration to 2.32.0 on mysql (#11208)
closes #11207

MySQL doesn't allow unqiue keys with a length of more than 191 when using InnoDB with utfmb4. These changes will ensure any incorrect tables created are fixed and have the
correct length for customer_id

* Changed `customer_id` to non-unique column
* Nooped the 2.32 `members_stripe_customers` migration
* Added migration to recreate `members_stripe_customers` table
  * sqlite doesn't allow `ALTER TABLE` queries so this is the cleanest solution considering the table is not yet in use
2019-10-08 11:07:29 +01:00
Kevin Ansfield
32f3f9d2c3 🐛 Fixed "unsaved changes" modal displaying when post has been saved
refs https://github.com/TryGhost/Ghost/issues/10477

The unsaved changes modal is displaying even when the post has been saved if images have been uploaded because the server is transforming absolute image urls to relative during input of the `mobiledoc` field but not transforming them back to absolute during output. The editor then thinks it's out of sync and shows the warning when trying to leave.

- `@tryghost/url-utils` has been updated with new methods for transforming URLs in mobiledoc content
- moves absolute->relative transformation from the API input serializers into the Post model
- transforms URLs in more fields for a more comprehensive transformation and fewer issues when re-configuring a site's domain
  - previously there could be problems with internal links between posts not being transformed so you could change the url config to newdomain.com but links in post content would still be pointing to olddomain.com
- updates the API post output serializers to transform all modified fields
- drops the `?absolute_urls=true` param switch from the `canary` API post output serializer so that all URLs are output as absolute
  - we're transforming more urls to relative when saving so this is necessary to ensure the unsaved changes modal is not triggered
  - the query param isn't documented and will disappear in v3
2019-10-07 22:59:19 +01:00
Kevin Ansfield
fa4e68ba13 Added transformer methods to mobiledoc cards
no issue

- adds abolsute->relative and relative->absolute transformer methods to card definitions
- allows for each card to tailor it's transformation to the specific needs of it's payload so that the `mobiledoc` field can be transformed successfully during API serialization/deserialization
2019-10-07 22:59:19 +01:00
Fabien O'Carroll
5b33507bf8 Allowed overriding the default from address
no-issue

This will allow the members service to pass a custom from address
2019-10-06 21:03:56 +07:00
Fabien O'Carroll
a6086995a6 Refactored GhostMailer into a class
no-issue

This breaks down the send method into distinct components that are
easier to reason about
2019-10-06 21:03:56 +07:00
Fabien O'Carroll
a22d575a9e Removed from and getDomain methods from prototype
no-issue
2019-10-06 21:03:56 +07:00
Fabien O'Carroll
f4dbcb5f35 Changed imported modules assigned to const
no-issue

Updates to current standard
2019-10-06 21:03:56 +07:00
John O'Nolan
423b0d5412 Updated default from-address for system emails (#11202)
no-issue

Until now, we've used ghost@siteurl.com as the default from address for system emails, like user invitations and password resets. This was fine, because all system emails were going to people who would interact with "ghost" the app in some way, so the naming made sense.

Now we're introducing members, which will send emails on behalf of of the site owner, to their readers. If all goes to plan, they should be able to set a custom from address, however our default mail config will still be the fallback if no other value is available.

If you run "magazine.com" and you send someone a link to "login to magazine.com" then it's pretty weird for that email to come from "ghost@magazine.com" - so this PR changes the default value from ghost to noreply for an equally generic, but less opinionated default.
2019-10-06 19:02:10 +07:00
Fabien O'Carroll
b8e39af7ac Added stripe query param to checkout redirect urls
no-issue

The value will be set to one of 'success' or 'cancel' based on howthe
user exited the checkout flow.
2019-10-06 13:54:09 +07:00
Naz Gargol
a4462c5753
Added members CSV export to Admin API (#11198)
no issue
2019-10-03 20:36:22 +02:00
Naz Gargol
bb355ac9f2
Added members CSV import to Admin API (#11197)
no issue

- Improved error handling for member creation. We should be returning 422s instead of 500 when possible
- Wrapped `members.add` method with Bluebird promise. Wrapping is needed to be able to use `.reflect()` in CSV export method
- Added proper members CSV fixture
2019-10-03 19:59:19 +02:00
Kevin Ansfield
1fa70dea23
Whitelisted members endpoints for v2 and canary Admin APIs (#11196)
no issue

- http verbs needed to be whitelisted for the members endpoint to avoid `NotImplementedError`s when accessing
2019-10-03 17:28:20 +01:00
Naz Gargol
30326cbd2d
Added handling for PUT members endpoint (#11194)
no issue

- Adds the ability to edit `name` field for a specific member by using `PUT /members/:id` endpoint
2019-10-03 13:38:22 +02:00
Fabien O'Carroll
d4f71ade11 Added support for dynamic stripe checkout redirects
no-issue

You can now use `data-members-success` and `data-members-cancel` on any
element which also has a valid `data-members-plan` attribute to set the
cancel and success redirects for stripe checkout.

The value will be used similar to how a `href` attribute would be.

e.g.

On a page https://site.com/membership

An attribute of "/success" would redirect to https://site.com/success
An attribute of "success" would redirect to https://site.com/membership/success
An attribute of "https://site.com/whatever" would redirect to https://site.com/whatever
2019-10-03 17:36:33 +07:00
Naz Gargol
5228d9819b
Added members POST API (#11189)
no issue

- Added Regression full test coverage for members Admin API
- Added `POST /members` endpoint
- Added members schema definition + validation
- Added ability to pass through send_email/emal_type options to members API
2019-10-03 11:15:50 +02:00
Kevin Ansfield
839cf0289f Added tests for bookmark card
no issue
2019-10-02 17:47:37 +01:00
Nazar Gargol
fae0975c6e Removed check for isPaid flag
ref 6bbe7bb3d4

- This value is no longer being set on the client side and doesn't serve any purpose. The logic should rely on payment processors being configured instead
2019-10-02 11:22:29 +02:00
Naz Gargol
e214838039
Improve visibility's default handling (#11183)
no issue

- Moved default_content_visibility out of labs as we should be extra careful with what is exposed in the labs + it doesn't really belong there.
2019-10-02 11:08:10 +02:00
Fabien O'Carroll
a3f3a56589 Fixed DELETE method for members on admin
no-issue

members-api uses async functions internally which return non-bluebird
promises, so the `return` method wasn't availiable.
2019-10-02 15:44:14 +07:00
Fabien O'Carroll
2bdef15971 Passed basic updateMember function to members-api
no-issue

This adds support for updating member names
2019-10-02 15:26:40 +07:00
Fabien O'Carroll
db51add380 Passed logging correctly to members-api
no-issue

Since 0.7.2 of members-api setLogger has been removed and expects a
logger to be passed at creation
2019-10-02 14:03:00 +07:00
Fabien O'Carroll
500f8aac17 Passed partner_id in stripe appInfo
no-issue

This correctly configures stripe to use our partner integration
2019-10-01 17:55:59 +07:00
Fabien O'Carroll
655edcd5be Supported data-members-form=signup/signin/subscribe
no-issue

This allows the theme developer to drive the different flows based on
the data-members-form attribute. If the attribute is empty or blank, the
default "signin" will be sent.
2019-10-01 15:16:28 +07:00
Fabien O'Carroll
a0a406fe6a Updated members api to use type for url/email
no-issue

This adds basic templates for "signup"/"signin"/"subscribe" types for
the magic-link email template. It also adds the action query parameter
to the link so that clientside js can handle the different states.
2019-10-01 15:16:28 +07:00
Nazar Gargol
84b08e627d Removed #member tag logic from input/output serializers 2019-09-30 17:46:36 +02:00
Naz Gargol
36379b2806
Added content gating based on visibility flag (#11173)
no issue

- Checks content gating based on members current plan and visibility option set on the requested post/page
2019-09-30 17:40:03 +02:00
Naz Gargol
80f7e0b19e
Added default_content_visibility flag for content gating (#11163)
no issue

- Added 'labs' flag settings test
- Added test for default_content_visibility flag
- Default post's visibility takes into account values set in default_content_visibility setting
2019-09-26 15:40:24 +02:00
Naz Gargol
ff13821b27
Members post gating options (#11160)
no issue

- Removed uses of `visibility` column in frontend url service configs
- The value of `visibility` is always set to 'public' in posts at the moment and doesn't serve any specific purpose when used with these filters.
- Allowed new visibility attributes in post model
- `posts.visibility` column is being repurposed for the needs of member content gating
- Added test for visibility editing in Admin API
- Corrected test schema checks for Admin API post/page responses
2019-09-26 15:38:35 +02:00
Fabien O'Carroll
f1cd51b04b Added support for setting name in members-api
no-issue
2019-09-26 17:32:32 +07:00
Naz Gargol
a562f09c0d
🏗 Migrated subscribers data to members (#11152)
no issue 

- Populates members table with existing subscribers. Only takes into account columns we know already exist and need to be copied i.e `name`/`email`
2019-09-26 10:39:20 +02:00
Fabien O'Carroll
a62b014905 Renamed members_stripe_info to members_stripe_customers
no-issue

This is more specific and better if we start adding more stripe tables
2019-09-26 12:58:29 +07:00
Fabien O'Carroll
9b3d45d4c4 Corrected number for members name column migration
no-issue
2019-09-26 12:58:29 +07:00
Fabien O'Carroll
18285613c9 Ensured webhook handler uses members servicer getter
no-issue
2019-09-26 11:35:44 +07:00
Fabien O'Carroll
d81e1bf1c3 Allowed newer tokens to refresh member session
no-issue

This is so that an email sent after a payment is made will refresh the
session.
2019-09-26 11:35:44 +07:00
Fabien O'Carroll
a85328f0e5 Passed the set/get metadata methods to members-api
no-issue
2019-09-26 11:35:44 +07:00
Fabien O'Carroll
d4249a07c0 Wired up the members webhook handler endpoint
no-issue
2019-09-26 11:35:44 +07:00
Fabien O'Carroll
ab18905c76 Updated members api to use middleware exposed
no-issue
2019-09-26 11:35:44 +07:00
Fabien O'Carroll
11e246a93a Allowed checkout flow to be started without member
no-issue

This will allow non-logged in members to start the stripe checkout flow,
which will result in a webhook being sent
2019-09-26 11:35:44 +07:00
Fabien O'Carroll
a6fa0bc043 Updated member.plans to member.stripe.subscriptions
no-issue

This is to support the new format in which stripe information is
returned from the members-api module.
2019-09-26 11:35:44 +07:00
Fabien O'Carroll
97bf329ee2 Passed appInfo to members-api stripe instance
no-issue
2019-09-26 11:35:44 +07:00
Kevin Ansfield
d69440bd4f
Update dependency @tryghost/url-utils to 0.4.0 (#11156)
no issue

- updates usage of `htmlRelativeToAbsolute` to avoid unnecessary duplication of "home" url fetching (the UrlUtils instance already has that information)
2019-09-25 12:35:59 +01:00
Naz Gargol
d54be917d1
Added name column back to members table (#11151)
refs 294f3769cb

- We have a need for name field now :)
- This time `name` is nullable !
2019-09-25 10:44:50 +02:00
Fabien O'Carroll
c9b4fa4a09 Updated Member model to handle stripe_info property
no-issue

This maps the stripe_info property to the MemberStripeInfo model, so
that we can update the member model, and correctly add/edit rows in the
members-stripe-info table.
2019-09-25 10:05:30 +07:00
Fabien O'Carroll
e54adfd30d Added MemberStripeInfo model
no-issue

Simple model to allow us to do relations with the Member model
2019-09-25 10:05:30 +07:00
Fabien O'Carroll
fd1db4ffac Added migration for members-stripe-info table
no-issue
2019-09-25 10:05:30 +07:00
Fabien O'Carroll
6859e9a9a1 Added members-stripe-info table
no-issue

This will be used to store stripe specific information for members

customer_id has a max length of 255 https://stripe.com/docs/upgrades

member_id is not unique as we cannot ensure that a member doesn't have
more than one customer object associated with them. e.g. if they signup
twice, or if they cancel, and signup again, creating a new customer.

We probably won't handle this case to begin with, but we will keep the
data intact.
2019-09-25 10:05:30 +07:00
Fabien O'Carroll
e078cb5612 Removed unused password logic from Member model
no-issue
2019-09-25 10:05:30 +07:00
Kevin Ansfield
3eb11533bd Marked the client auth table drop migration as irreversible
no issue

- bumps `knex-migrator` so it supports irreversible migrations
- marks the `03-drop-client-auth` migration as irreversible because it destroys data that is not recoverable and is required for earlier versions of Ghost to function
2019-09-23 17:22:46 +01:00
Rishabh Garg
6d0f19ebfa
🏗 Migrated scheduler to work with v2 API (#11142)
* Updated scheduler to use v2 API by default

* Updated scheduling for post/page resource types

* Extended base method to take options param with token and jwt options

* Updated token expiration to 6 hours after publish/blog start time to allow retries
2019-09-23 21:42:53 +05:30
Naz Gargol
50546d8cba
🔥 Removed deprecated ghost_head and ghost_foot properties from /settings responses (#11144)
no issue 

- Removed ghost_head/ghost_foot propeties from Content API `GET /setting` response
- Removed ghost_head/ghost_foot from the output in Admin API
- Added validation when requesting ghost_head/ghost_food fields
- Updated deprecation comments
2019-09-23 12:59:00 +02:00
Hannah Wolfe
0107ac848a Improved x-request-id handling
- Currently, we create a request ID for internal use if one isn't set & this is used in logs
- If a custom request ID is set via X-Request-ID header, this gets logged, however, we don't return this with the response
- Means that a custom ID gets lost on the way back out, and makes tracing requests through a system trickier
- This change ensures that if X-Request-ID is set on the request, it is also set on the response so that requests can be properly traced
- It's easy to set this in e.g. nginx so that the feature becomes available - Ghost doens't need to do this
- Note: also split request id handling out into new middleware
2019-09-22 18:23:45 +01:00
Kevin Ansfield
5189f5e640 Removed begin/end html comments from output of most cards
no issue

- the begin/end comments are only really useful when wrapping free-form content cards such as html and markdown, the rest all have specific elements and classes that can be used in parsers
- made the comment wrappers optional in the `render()` function created by the `createCard()` factory
- opted into comment wrappers for the html and markdown cards
2019-09-20 14:31:42 +01:00
Nazar Gargol
cc8f9bcb98 Marked code property for removal in Ghost 4.0
refs https://github.com/TryGhost/gscan/issues/144
refs https://github.com/TryGhost/gscan/pull/259

- The property hasn't been marked correctly in Ghsot 2.0 so will be able to go away the earliest in Ghost 4.0
2019-09-19 12:15:17 +02:00